App Alert: It might just be a Trojan horse

App Alert: It might just be a Trojan horse

Shom Choudhury, a 29-year-old BPO professional, recently downloaded an application that would act as a doctor for his smartphone by extending its battery life. He searched for the application on the internet and found an Android site that said the app was for free.

Only after downloading did he realise it was not a genuine app. In fact, the app store itself was fake. Choudhury was terrified when he learnt this could be used for stealing information from his device. He, therefore, immediately deleted it.

Malware and fake apps are passe. Attackers are now targeting users by faking the entire app store itself.

App Alert: It might just be a Trojan horse

Symantec observed a 42 per cent increase in mobile vulnerabilities, according to the Internet Security Threat Report XVI. Most attacks on the mobile platform that Symantec has observed have been Trojanised versions of Android apps -- where attackers inject malicious code into legitimate apps and upload them back into the app store.

The new development, however, is the creation of not just a malicious app, but an entire ecosystem thriving around mobile malware, according to Symantec.

Except for the URL, the sites look so genuine that it is difficult to identify whether these are original or fake.

App Alert: It might just be a Trojan horse

Innocent users get lured by popular apps (in reality malware) on offer at throwaway prices or available for free. Security experts feel the Android app market is the particular target of these fake app stores, since it is more popular in India.

Shantanu Ghosh, VP and MD, India Product Operations at, Symantec. says, "An interesting feature of this fake app market is it uses a technique called server-side polymorphism. What this means is that every time a file is downloaded, a unique version of the file is created in order to evade traditional signature-based detection."

Symantec detects all of these variants as Android.Opfake. The sites hosting Opfake include either links or buttons that can be used to download the malicious packages purporting to be free versions of the popular Android software.

App Alert: It might just be a Trojan horse

Every time the threat is downloaded, the applications morph themselves automatically. "In addition, manual modifications are also made every few days, indicating that the malware authors actively nurture this malware family," he says.

Quick Heal Technologies has also spotted this trend in India. Sanjay Katkar, Co-Founder & CTO, Quick Heal Technologies, informs he had seen these cases mostly in the Android marketplace, where the user could realise he/she had downloaded an app from a fake store only after installation.

"It is difficult to remove the threat caused by the app, as at present, no technology can scan the mobile phone completely," says Katkar.

App Alert: It might just be a Trojan horse

"Comparatively in India, it is in a nascent stage. The phenomenon is more global where non-availability of the app stores in certain geographies gives rise to third party ones. Consumers here have the only option of procuring the apps from third-party ones," says Rammurthy.

He added that apart from the low prices, other offers are related to pre-release apps for a famous app, which turns out to be ad-click fraud or it simply takes over the user's address book and conducts activities that are more nefarious.

App Alert: It might just be a Trojan horse

Some experts feel that there is no need to panic about this issue right now. Altaf Halde, MD, Kaspersky Lab-South Asia, opines that though malware attacks have been common through fake apps, fake appstores are a relatively new phenomenon.

"Users usually have an official default app marketplace in their phone. As long as they use it carefully, there is no threat."

Experts also feel that apps being banned in legitimate stores, for violations of policy can find their way in to third party sites. This makes users vulnerable to attacks.